Re: NS Cache

Wed, 26 Jan 2011 12:47:09 -0800 

On 1/25/2011 9:40 PM, p...@mail.nsbeta.info wrote:



I'm reading the document "Secure DNS Deployment Guide" got from the 
URL a poster gave in the list.

The document said:

When a user types the URL www.example.com into a Web browser, the 
browser program contacts a type of resolver called a stub resolver 
that then contacts a local name server (called a recursive name server 
or resolving name server). The resolving name server will check its 
cache to determine whether it has valid information (the information 
is determined to be valid
on the basis of criteria described later in this document) to provide 
IP address for the accessed Internet resource 
(i.e.,www.marketing.example.com). If not, the resolving name server 
checks the cache to determine whether it has the information regarding 
the name server for the zone marketing.example.com (since this is the 
zone that is expected to contain the resource 
www.marketing.example.com). If the name server!ˉs IP address is in the 
cache, the resolver!ˉs ne query will be directed against that name 
server. If the IP address of the name server of marketing.example.com 
is not available in the cache, the resolver determines whether it has 
the name server information for a zone that is one level higher than 
marketing.example.com (i.e., example.com). If the name server 
information for example.com is not available, the next search will be 
for the name server of the .com zone in the cache.


I think the statement below is wrong?

If not, the resolving name server checks the cache to determine 
whether it > has the information regarding the name server for the 
zone marketing.example.com (since this is the zone that is expected 
to contain > the resource www.marketing.example.com). 




How does the resolver know www.marketing.example.com is a domain name 
or a zone? www.marketing.example.com can also be a zone which has 
valid NS records. So I was thinking the resolver shall check the cache 
firstly to see whether it has the NS records for the zone 
www.marketing.example.com, if not, then to check the NS for 
marketing.example.com. Am I right?





Yeah, it's wrong. A resolver that followed the algorithm described in 
that paper might operate slightly less efficiently than one which 
follows the standard resolver algorithm.


But, hey, it's close enough for government work...


                                                                        
                                                                        
                                        - Kevin




_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users





















					Reply via email to